mirror of https://github.com/dapr/cli.git
Include certificate expiry check in all kubernetes commands (#899)
* Include certificate expiry check in all kubernetes commands Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com> * Using PostRun from Cobra and fixing review comments Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com> * Modifying logging for error on certificate check Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com> * Fixing review comments Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com> * Fixing string messages Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>
parent
5a8c3314ce
commit
34353a27e2
|
@ -39,6 +39,9 @@ var ComponentsCmd = &cobra.Command{
|
|||
}
|
||||
}
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
},
|
||||
Example: `
|
||||
# List Kubernetes components
|
||||
dapr components -k
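Review bot: The `PostRun` hook added here calls `kubernetes.CheckForCertExpiry()` unconditionally, while the dashboard and list hunks wrap the same call in `if kubernetesMode { ... }`; the configurations, logs, mtls, mtls export, status and upgrade hunks are unguarded too. If any of these commands can be invoked without `-k` (their `Run` bodies start outside the hunks, so this cannot be confirmed here), the hook would presumably still contact whatever cluster the current kubeconfig context points at and print a warning about it. Either guard every hook the same way, `if kubernetesMode { kubernetes.CheckForCertExpiry() }`, or add a one-line comment on each unguarded hook stating that the command is Kubernetes-only. Because the closure is repeated in nine places, a single shared helper assigned to each `PostRun` would keep the guard consistent.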
|
||||
|
|
|
@ -39,6 +39,9 @@ var ConfigurationsCmd = &cobra.Command{
|
|||
}
|
||||
}
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
},
|
||||
Example: `
|
||||
# List Kubernetes Dapr configurations
|
||||
dapr configurations -k
|
||||
|
|
|
@ -181,6 +181,11 @@ dapr dashboard -k -p 9999
|
|||
}
|
||||
}
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
if kubernetesMode {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
|
|
@ -87,6 +87,11 @@ dapr list -k
|
|||
outputList(list, len(list))
|
||||
}
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
if kubernetesMode {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
|
|
@ -44,6 +44,9 @@ dapr logs -k --app-id sample --pod-name target --namespace custom
|
|||
}
|
||||
print.SuccessStatusEvent(os.Stdout, "Fetched logs")
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
|
|
@ -47,6 +47,9 @@ dapr mtls -k
|
|||
}
|
||||
fmt.Printf("Mutual TLS is %s in your Kubernetes cluster \n", status)
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
},
|
||||
}
|
||||
|
||||
var ExportCMD = &cobra.Command{
|
||||
|
@ -60,12 +63,15 @@ dapr mtls export -o ./certs
|
|||
err := kubernetes.ExportTrustChain(exportPath)
|
||||
if err != nil {
|
||||
print.FailureStatusEvent(os.Stderr, fmt.Sprintf("error exporting trust chain certs: %s", err))
|
||||
return
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
dir, _ := filepath.Abs(exportPath)
|
||||
print.SuccessStatusEvent(os.Stdout, fmt.Sprintf("Trust certs successfully exported to %s", dir))
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
},
|
||||
}
|
||||
|
||||
var ExpiryCMD = &cobra.Command{
|
||||
|
|
|
@ -54,6 +54,9 @@ dapr status -k
|
|||
|
||||
utils.PrintTable(table)
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
|
|
@ -45,6 +45,9 @@ dapr upgrade -k
|
|||
}
|
||||
print.SuccessStatusEvent(os.Stdout, "Dapr control plane successfully upgraded to version %s. Make sure your deployments are restarted to pick up the latest sidecar version.", upgradeRuntimeVersion)
|
||||
},
|
||||
PostRun: func(cmd *cobra.Command, args []string) {
|
||||
kubernetes.CheckForCertExpiry()
|
||||
},
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
|
|
@ -28,12 +28,14 @@ import (
|
|||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
"github.com/dapr/cli/pkg/print"
|
||||
"github.com/dapr/dapr/pkg/apis/configuration/v1alpha1"
|
||||
)
|
||||
|
||||
const (
|
||||
systemConfigName = "daprsystem"
|
||||
trustBundleSecretName = "dapr-trust-bundle" // nolint:gosec
|
||||
systemConfigName = "daprsystem"
|
||||
trustBundleSecretName = "dapr-trust-bundle" // nolint:gosec
|
||||
warningDaysForCertExpiry = 30 // in days
|
||||
)
|
||||
|
||||
func IsMTLSEnabled() (bool, error) {
|
||||
|
@ -107,6 +109,32 @@ func ExportTrustChain(outputDir string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Check and warn if cert expiry is less than `warningDaysForCertExpiry` days.
|
||||
func CheckForCertExpiry() {
|
||||
expiry, err := Expiry()
|
||||
// The intent is to warn for certificate expiry, only when it can be fetched.
|
||||
// Do not show any kind of errors with normal command flow.
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
daysRemaining := int(expiry.Sub(time.Now().UTC()).Hours() / 24)
|
||||
|
||||
if daysRemaining < warningDaysForCertExpiry {
|
||||
warningMessage := ""
|
||||
switch {
|
||||
case daysRemaining == 0:
|
||||
warningMessage = "Dapr root certificate of your Kubernetes cluster expires today."
|
||||
case daysRemaining < 0:
|
||||
warningMessage = "Dapr root certificate of your Kubernetes cluster has expired."
|
||||
default:
|
||||
warningMessage = fmt.Sprintf("Dapr root certificate of your Kubernetes cluster expires in %v days.", daysRemaining)
|
||||
}
|
||||
helpMessage := "Please see docs.dapr.io for certificate renewal instructions to avoid service interruptions."
|
||||
print.WarningStatusEvent(os.Stdout,
|
||||
fmt.Sprintf("%s Expiry date: %s. \n %s", warningMessage, expiry.Format(time.RFC1123), helpMessage))
|
||||
}
|
||||
}
|
||||
|
||||
func getTrustChainSecret() (*corev1.Secret, error) {
|
||||
_, client, err := GetKubeConfigClient()
|
||||
if err != nil {
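Review bot: In `CheckForCertExpiry`, `int(expiry.Sub(time.Now().UTC()).Hours() / 24)` truncates toward zero, so a root certificate that expired less than 24 hours ago yields `daysRemaining == 0` and is reported as "expires today" rather than "has expired". Putting an explicit check first in the switch, `case !expiry.After(time.Now()):`, and leaving `daysRemaining == 0` for the not-yet-expired case gives the right message exactly when mTLS is about to break or already has. The warning is also written to `os.Stdout`; `print.WarningStatusEvent(os.Stderr, ...)` would keep it out of output that callers pipe or parse. Swallowing the `Expiry()` error is deliberate per the comment, but it means a caller who cannot read the trust bundle gets no warning at all, which the doc comment on the function should state.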
|
||||
|
|
|
@ -490,7 +490,7 @@ func uninstallTest(all bool) func(t *testing.T) {
|
|||
go waitPodDeletion(t, done, podsDeleted)
|
||||
select {
|
||||
case <-podsDeleted:
|
||||
t.Log("pods were delted as expected on uninstall")
|
||||
t.Log("pods were deleted as expected on uninstall")
|
||||
return
|
||||
case <-time.After(2 * time.Minute):
|
||||
done <- struct{}{}
|
||||
|
|